June 8, 2011

Beating Bad Habits

How community organizers are working together for more secure online communications

KITCHENER, ON—Over the past two years infiltration and disruption of activist and media organizations as well as anarchist communities by undercover cops have been on the rise across Canada. This has included high profile cases of police infiltrating groups organizing resistance to the 2010 Winter Olympics on Coast Salish Territories and the G20 summit in Toronto.

Throughout these experiences one thing is now clear: beyond our often naive approach to security culture many in the social and ecological justice movements are not practicing good computer security habits.

In response to this growing need the Montreal-based Anarchist Tech Security collective (Anarchistes pour des technologies solidaires—ATS) formed after the G20. Mobilizing to fill the tech security gap they provide workshops and information about online safety and anonymity. “I think in a general sense we are working on bringing the secure technologies and useful tools to anarchists,” said founding member Boskote (a pseudonym).

The ATS has been travelling throughout the Maritimes, Quebec and Ontario since summer 2010 holding workshops on tech security in front of all kinds of crowds: from small groups in living rooms to standing room only halls at anarchist book fairs.

“People were stressing due to all the surveillance and we responded to that,” said Boskote. “Email and instant messaging is insecure by default; it was normal, but as surveillance and infiltration was becoming more obvious, that normal became a problem.”

Beyond showing participants how to set up certified and encrypted email, anonymous and secure web browsing and verified and encrypted instant messenger programs, the two-and-a-half hour workshop also opened up discussions on hard drive and file encryption, security firewalls and the way internet communications work. Sometimes the workshops were followed by discussions on open source software (see box 1), steps for establishing difficult to break passwords (see box 2), or emerging ideas on the intriguingly named “zones of opacity.”

”The inspiration for the ‘zone of opacity’ comes from a community in Athens, Greece, where there is a really strong anarchist presence,” said Boskote. “The relationships...and all the aspects of what is going on in a space (physical, social, or technological), are opaque to the state or other form of dominating power,” he explained. “It is not possible for the state to see or know what is going on there.” The ATS emphasizes that if the state cannot determine your daily patterns and movements, your attitudes and relationships, or how you accomplish the objectives of your aspirations, it will be hesitant to invade your community’s spaces.

“We hope to help build zones of opacity in anarchist communities,” said Boskote. “If we can prevent the state from surveilling us we will be stronger.”

One of the challenges of sharing these kinds of skills, though, is the widely varying degree of experience among community members. While some—especially those with prior computer experience—have found the ATS's information relatively straightforward and easy to understand others find the learning curve a bit steeper.

“[The workshop] was a lot of info and I will likely have to go over a lot of it again,” said one participant after their first session with ATS. “But it was surprising how easy it was to set up and start using these tools. Plus, if practicing better computer security will help keep my friends and allies out of jail, then yeah, it is obviously worth it.”

It is not only participants who are still adapting to the new reality of online security.

“Far from being experts, we started out knowing nothing about this. We were figuring it out by ourselves and it took quite a while,” said Boskote. “It is through the process of these workshops that we are learning more and more about computer security as some people who come attend the workshops help to fill the gaps in our knowledge.”

It is important for us to recognize the values in the way these tools were created, Boskote said, relating as they do to the horizontal, anti-corporate organizing of the subculture of open source software and self-identified hackers who built these tech security systems.

Even with this recognition however, he explained “The technology that we use needs to change along with, and contribute to, the changes of the rest of society.”

With so many in need of creating a safer space online, and with a limited supply of knowledgeable facilitators, people may be overwhelmed at the prospect of setting up their own systems of computer security. Thankfully, those who are yet to organize a tech security workshop in their town can start practicing good computer security guided by great online resources.

Security In A Box is a collaborative project whose aim is to "meet the digital security and privacy needs of advocates and human rights defenders." The site includes how-to guides addressing various digital security issues and offers free instruction taking users through the processes of setting up and maintaining private internet communications and secure file storage systems.

With the spread of social media, computer security and web anonymity have become important issues. “The kind of information people are posting on the internet is the kind of stuff that the state usually infiltrates groups to get: social networks, personal relationships, day-to-day movements. That is what surveillance is and that is a major problem that needs to be criticized and thought about,” said Boskote.

Noting that facebook and other social media are “really useful tools,” Boskote argues that “we need to figure out how to separate out their usefulness as tools and the dangerous aspects of sharing information that the state can use to infiltrate, disrupt and repress our movements. We need to use the tools in a safer way.” (See box 3.)

As social and ecological justice movements grow in the face of increasing criminalization of dissent, there is a need to build a tech security culture beyond the use of secure communications and Trojan-free computers. (Trojans are malicious programs which create “back-door” access to your computer over the internet or use your computer to carry out attacks on other computers).

“We stress this in our workshops: tech and computer security technologies are necessary but not sufficient part of security culture,” said Boskote. Taking out your cell phone’s battery while planning demonstrations may eliminate audio surveillance but, as was highlighted at the ATS workshop, if tech security is being used and the other security measures are being ignored then there are obvious failure points. In other words: tech security does not identify an infiltrator or informant in your community.

In addition to understanding and implementing computer security, the need to build supportive and resilient communities that communicate across regions remains. “There is no way to make communication 100 per cent inaccessible to surveillance and it's obviously not possible to make ourselves socially secure,” said Boskote in his final remarks before departing to New York to hold another workshop at the city’s annual anarchist book fair. “In both cases, we just have to try our best. Security goes way beyond tech security.”

Box 2

A sentence that only you will think of/a unique phrase that you will remember (8+words long).

Substitute numbers for words where possible or add numbers to end of phrase.

Take the first letter from each word.

Substitute special characters and numbers for letter (a=@, s=$, i or 1=!, etc.)

Use suffixes for different sites (facebook=fbk, twitter=twt, youtube=ytb, etc.)

Have a few of these passwords depending on how secure you need.

Change passwords every 3-6 months.

Box 3

ATS Facebook Tip
Setting up a single account on Facebook which is for a whole group who shares a password, where members can access the accounts anonymously through ToR (torproject.org), and folks can communicate with these entities and remain anonymous. It does not get away from all the problems of Facebook but it creates barriers between these online presences and peoples’ actual identities. Things like that try to make it so we can use these important tools when it is necessary without having all the negative consequences.

Dan Kellar is an organizer with AW@L in Kitchener, co-host of AW@L radio on rabble.ca and 100.3 SoundFM co-op radio Waterloo, and was a co-conspirator with the 2010 G20 and anti-Olympic media centres.

This article was produced with the support of Koumbit, as part of an ongoing series on technology, society and politics. Koumbit is a non-profit company which promotes the use of free & open source software by community groups in Quebec, Canada and abroad.

By the same author:

Comments

Advertisement

Want to receive an email notice when a new issue is online?
Click here

The Dominion is a monthly paper published by an incipient network of independent journalists in Canada. It aims to provide accurate, critical coverage that is accountable to its readers and the subjects it tackles. Taking its name from Canada's official status as both a colony and a colonial force, the Dominion examines politics, culture and daily life with a view to understanding the exercise of power.